PHI Breached in Four Recent Malware and Ransomware Attacks

Data of Teijin Automotive Technologies Welfare Plan Members Exposed in December Ransomware Attack

Teijin Automotive Technologies recently reported potential access to and theft of the protected health information (PHI) of 25,464 members of its welfare plan due to a ransomware attack on December 1, 2022. Teijin Automotive Technologies spoke openly about the attack and what caused it. The attacker circumvented its security systems through a phishing attack. On November 30, one employee clicked a link in a phishing email, which allowed the threat actor to steal login credentials, breach the firm’s servers, and install ransomware the next day. The company contained the ransomware attack on December 5, 2022.

The IT team took prompt action to prevent any further unauthorized access. The FBI and law enforcement were notified immediately and helped with the incident investigation. The analysis of the breached servers showed they included data associated with Teijin Automotive Technologies’ welfare plan: names, addresses, dates of birth, Social Security numbers, medical insurance policy data, and banking details for a limited number of members. Teijin Automotive Technologies believes that no medical information was saved on the impacted servers.

The security and privacy of personal employee data and the business details of its clients are important to Teijin Automotive Technologies. CEO Chris Twining expressed regret about the incident and apologized to its employees, clients, and impacted persons. The company has taken the following extra steps to reinforce its data security: improving its security processes, investing in new technology, and giving employees additional training. Teijin Automotive Technologies has notified the affected persons and offered credit monitoring services.

Malware Attack Reported by Arizona Health Advantage

Healthcare provider Arizona Health Advantage, based in Chandler, AZ, and also known as Arizona Priority Care and AZPC Clinics, LLC in the business community, recently reported the discovery of malware on its network. Because of the incident, some of the servers became inaccessible. Unauthorized persons were able to access and extract patient data as well as health plan member information.

The company discovered the security incident on December 5, 2022, because employees could not access files on a few of its servers. With the assistance of a third-party computer forensics firm, the investigation confirmed the breach and determined that the attack happened between December 1 and December 2. The attackers exfiltrated files that included the information of patients and members of these health plans: Alignment Health Insurance Company of Arizona, Inc., Alignment Health Plan of Arizona, Inc., Blue Cross Blue Shield of Arizona, WellCare Health Plans of Arizona, Inc. (Centene), and Health Net of Arizona, Inc. (Centene).

The types of information affected differed from one person to another. They might have involved names, birth dates, addresses, treatment dates, treatment details, health plan member numbers, service authorization numbers, and other personal data. Impacted persons received notifications and offers of membership to a credit monitoring service for one year. Extra security measures and practices have already been put in place to protect against future attacks. According to the HHS’ Office for Civil Rights, the PHI of 10,978 persons was possibly exposed.

Garrison Women’s Health Reports Patient Data Access Due to Malware

Garrison Women’s Health based in Dover, NH, a division of Wentworth-Douglass Hospital, has just reported the potential theft of the PHI of 4,158 patients in a cyberattack involving Global Network Systems, its business associate.

Global Network Systems, a company offering technology services, discovered the cyberattack on December 12, 2022. As a result, a network breakdown made its systems inaccessible. The investigation revealed that an unauthorized third party had accessed Global’s network for 8 months. It was initially accessed on April 29, 2022.

Garrison Women’s Health stated the attack destroyed files in its electronic health records. Global wasn’t able to recover that information, which it hosted. The corrupted information was associated with patients who got healthcare services from April 29, 2022 to December 12, 2022, and contained health and treatment details, coding, claims information, insurance details, payment data, doctor notes, and scheduling details.

Garrison Women’s Health stated it could not recover the corrupted information from backup copies; however, it was possible to regain access to the data stored in certain radiology and ultrasound apps. After looking into other possible backup sources, Garrison was able to bring back its electronic medical record system and restore information from before April 28, 2022.

Although the incident report did not mention it was a ransomware attack, it had the hallmarks of one. Garrison Women’s Health stated it doesn’t believe there was any patient data misuse, though impacted persons were instructed to keep an eye on their accounts and Explanation of Benefits statements for suspicious transactions.

Although there was confirmed data loss, Garrison Women’s Health explained that part of the lost data was probably copied and kept by a patient’s primary care doctor, hospital, or other companies, or may have been acquired by the health plan of the patient.

Riverside Health System Data Exposed Due to Malware Attack on Intelligent Business Solutions

Intelligent Business Solutions (IBS) has recently begun issuing notifications to Riverside Health System’s cardio-thoracic patients to tell them that some of their personal data and PHI were potentially viewed or stolen. IBS detected a security breach on or around November 14, 2022 after identifying suspicious activity inside the IBS system. The forensic investigators determined that malware was used to encrypt files on selected servers and systems. The breach occurred between November 10, 2022 and November 15, 2022.

The analysis of the impacted files showed they included these data types: name, birth date, medical insurance data, medical treatment details, and procedure details. Although data was likely stolen, IBS did not receive any report of actual or attempted improper use of the stolen data. IBS stated it had comprehensive guidelines, procedures, and cybersecurity defenses in place; however, it could not stop the attack. Those cybersecurity procedures are under review and will be revised, as needed, to minimize the probability of more attacks. Impacted persons received offers of free memberships to identity theft protection and credit monitoring services for two years.